Internal Controls

What are internal controls?

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a report called The Internal Control Integrated Framework, also known simply as the COSO Report, or as the COSO Framework. It has become a widely accepted definition of internal control as: “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

What is the COSO Framework for internal controls?

The COSO framework for internal controls was originally published in the 1992 COSO Report, but has since been updated. According to the 2013 version of the COSO report, internal controls are defined by 17 guiding principles broken down into five categories:

Control environment

Commitment to integrity and ethics

Oversight responsibility

Establishing structure, authority and responsibility

Commitment to competence

Enforcement of accountability

Risk assessment

Specification of objectives

Risk identification and analysis

Fraud risk assessment

Identification and analysis of significant change

Control activities

Selection and development of risk mitigation activities

Selection and development of general technology controls

Deployment of controls-based policies and procedures

Information and communication

Use of relevant, important information

Internal communications

External communicaitons

Monitoring

Ongoing or separate evaluations of processes

Evaluation and communication of known deficiencies in program

What is an internal control framework?

A control framework is an organization’s individual implementation of its own sense of internal control, most often guided by the general principles and procedures laid out by the COSO Framework.

How do internal controls pay a part in accounting?

In accounting, internal controls often focus on seven operational principles identified as being conducive to best practices in accounting:

Separation of duties of bookkeeping, deposits, reporting, and auditing

Access controls to different parts of the accounting system to prevent any unauthorized access to it and its data

Physical audits of cash and assets

Documentation used for financial transactions, inventory receipts and expenses

Trial balances to test the accuracy and balancing of financial books

Reconciliations to ensure that accounting balances match up with balances held by external entities, such as banks and suppliers

Approval authority to prove that transactions have been adequately reviewed and approved at all levels